MSFT-0261/158417.2 



-18- 



PATENT 



CLAIMS 



WHAT IS CLAIMED IS: 



5 



1. A method of protecting data comprising the acts of: 

creating a first process associated with a first address space; 
creating a second process associated with a second address, said 



first address space being inaccessible to said second process; 

running, in said first process, a first software object which stores 
the data in said first address space; 

running, in said second process, a second software object which 
10 accesses said second address space; and 

directing, by said first software process, an action performable by 
said second software process. 

2. The method of claim 1, wherein the data comprises encrypted content, 
15 and wherein said act of running said first software object comprises the act of: 

starting in said first process an application which renders said 

encrypted content. 



3. The method of claim 2, wherein said encrypted content comprises 



20 



text. 



4. The method of claim 2, wherein said encrypted content comprises 



video 



25 5. The method of claim 2, wherein said encrypted content comprises 

audio. 
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6. The method of claim 1, wherein the data comprises a cryptographic 
key, and wherein said act of running said first software object comprises the act of: 

starting in said first process an application which uses said 

cryptographic key. 

5 

7. The method of claim 1, wherein said act of running a second software 
object comprises the acts of: 

starting, in said second process, a hosting application; 
hosting said second software object by said hosting application. 

10 

8. The method of claim 7, wherein said act of starting a hosting 
application comprises starting a component object model server. 

9. The method of claim 1, wherein said second software object 
15 comprises a web browser which imports, from a remote computing device, code which 

accesses said second address space. 

10. The method of claim 1, wherein said method is performed in a 
computing device having a display associated therewith, said method further comprising 

20 the acts of: 

rendering the output of said first software object in a first window 
having a first region on said display; and 

rendering the output of said second software object in a second 
window different from said first window, said second window having a second region 
25 on said display. 

11. The method of claim 10, wherein said second region at least partly 
coincides with said first region. 
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12. The method of claim 11, wherein said second window is wholly 
enclosed within said first window. 

5 13. The method of claim 1, wherein said directing act comprises calling 

a method on an interface exposed by said second process. 

14. The method of claim 13, wherein said second software object 
comprises a web browser, and wherein said method instructs said web browser to 

10 retrieve a web page from a remote location. 

15. A computer-readable medium having computer-executable 
instructions to perform the method of claim 1. 

!5 16. A system for integrating a secure application with an open 

application on a computing device including a processor, said computing device further 
including an operating system which provides a plurality of processes, each process 
having an address space associated therewith, said system comprising: 

a first application executable on said processor in a first of said 

20 plurality of processes having a first address space, wherein said first application 
accesses protected data in said first address space, and wherein said first application 
provides a service by using a pre-determined software object; 

a second application executable on said processor in a second of 
said plurality of processes having a second address space, wherein said second 

25 application hosts said pre-determined software object, and wherein said second 
application exposes a callable interface to said first application, said first address space 
being inaccessible to said second process. 
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17. The system of claim 16, wherein said first application directs the 
actions of said pre-determined software object by communicating instructions to said 
second application through said callable interface. 

5 18. The system of claim 16, wherein said pre-determined software object 

comprises a web browser which imports, from a remote computing device, code which 
executes on said processor and which accesses data in an address space associated with 
a process in which said pre-determined software object executes. 

10 19. The system of claim 16, wherein said first application protects said 

protected data from observation or modification. 

20. The system of claim 16, wherein said computing device is coupled to 
a display, wherein said first application creates a first window in which said first 
15 application renders its output, said first window defining a first region on said display, 
and wherein said second application creates a second window in which said pre- 
determined software object renders its output, said second window being different from 
said first window, said second window defining a second region on said display. 

20 21. The system of claim 20, wherein said second region coincides at 

least in part with said first region. 

22. The system of claim 21, wherein said second window is wholly 
enclosed within said first window. 

25 

23. The system of claim 20, wherein said second window comprises a 
child of said first window. 
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24. The system of claim 16, wherein said first application instantiates 
one or more of: (a) said second application; or (b) the hosting of said pre-determined 
software object. 



25. A method of using a first software object and a second software 
object on a computing device which includes a display, the method comprising the acts 
of: 

running the first software object in a first process, said first 
process being associated with a first address space; 

running the second software object in a second process, said first 
address space being inaccessible to said second process; 

creating a first window in which said first software object renders 
output, said first window being defined by a first region on the display; and 

creating a second window in which said second software object 
renders output, said second window being defined by a second region on the display 
which coincides at least partly with said first region. 

26. The method of claim 25, wherein said second window is wholly 
enclosed within said first window. 



27. The method of claim 25, wherein said act of running the second 
software object comprises: 

starting a hosting application; and 

hosting said second software object within said hosting 

application. 
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28. The method of claim 27, wherein said hosting application comprises 
a component object model server, and wherein said method further comprises the act 
of: 

said hosting application exposing to said first process a method 
5 callable on said component object model server. 

29. The method of claim 25, wherein said first software object comprises 
instructions which store one or more of (a) content, or (b) a cryptographic key, in said 
first address space, and wherein said act of running the second software object 

10 comprises: 

running a program which imports executable instructions from a 
remote computer and which executes said executable instructions in said second address 
space. 

15 30. The method of claim 25, wherein said executable instructions 

comprise a web browser. 

31. A compute-readable medium having computer executable instructions 
to perform the method of claim 25. 



